"Time has come to move from reactive to proactive and predictive digital forensics."
During and after COVID-19, working from home has become the new normal. The attack surface has increased, and the number of attacks as well as attack vectors has multiplied manifold. With technology occupying a prominent place in our daily lives, cybercriminals have become hyperactive in executing their nefarious designs and stealing sensitive information from users. From corporate houses to individual users, and from government officials to small traders, no category today is immune from hacking attempts. India faces around 3700 cyber-attacks every day. The National Crime Record Bureau (NCRB) data suggests an 11 per cent jump in cybercrime cases in 2020 and an exponential increase in 2021. The Indian Computer Emergency Response Team (CERT-In) reported more than 2.12 Lakhs cybersecurity incidents in the first 2 months of 2022, while the total number of incidents in 2021 was 14.02 Lakhs.
Every cybercrime incident requires an investigation that can assist law enforcement in bringing perpetrators to justice. Every crime is associated with one or many digital assets which need to be analysed. This analysis is carried out by digital forensics.
Understanding Digital Forensics
It is the newest branch of forensic science, approximately three decades old, but the most rapidly evolving one as technology changes. Digital forensics is the study of traces. An event is the result of a trace modification that is observable. Cyber forensics and digital forensics are one and the same, as experts use the terms interchangeably. The outcome of digital forensics is a report, which should be not only accurate but also credible, and should stand legal scrutiny.
“Digital Forensics is the use of scientifically derived and proved methods towards the of digital evidence derived from digital sources for the purpose of facilitating and furthering the reconstruction of events found to be criminal or helping to anticipate unauthorised actions shown to be disruptive to planned actions.” This definition was coined during the first Digital Forensics Research Workshop (DFRWS 2001).
In simple language, digital forensics is producing digital evidence in a forensically sound manner before a court of law such that it stands legal scrutiny.
Digital forensics involves processes and procedures. The processes include identification, preservation, collection, examination, analysis, presentation and a few more. The most commonly used procedures are those formulated by DFRWS, Henry Lee, Reith/Carr/Gunsch and Ciardhuáin.
When performing digital forensics, we try to answer the following questions:
• What: Evidence related to the case
• Why: Intent
• How: Modus Operandi
• Who / Which: Assets involved
• Where: Location
• When: Timeline of events
Present Scenario of Digital Forensics
With the proliferation of the internet, cheap devices and enabling technologies, the challenges in carrying out digital forensics have increased manifold. As this is a niche field, skilled manpower is required to carry out these tasks, which are resource intensive. Establishing a digital forensic laboratory is a costly affair, and hence only the government or big entities can afford one.
Threat vectors are also changing with time and technology. Ransomware attacks and financial frauds are the new normal. Most of the devices which need to be analysed are smart devices with proprietary encryption and compression techniques. Incident response teams need to be well equipped and trained to handle such cyber incidents and collect evidence from the incident scene.
Indian Government Approach
Under section 70B of the Indian IT Act 2000, the Indian Computer Emergency Response Team is notified as the national agency for incident response, and under section 79A of the IT Act the Central Government can notify any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence (EEE) for the purposes of providing expert opinion on electronic form evidence before any court. The Ministry of Electronics and Information Technology is running a scheme for notification of laboratories as Examiner of Electronic Evidence. Till date, eleven government laboratories have been notified, and in future many more will be. There is a strong possibility that private labs may also be notified in the near future, hence the industry should be ready for the same.
As per various global market researchers, the digital forensics market is expected to grow at a compound annual growth rate of 11% to 17% by 2026, with revenue of approximately USD 10 billion. Maximum growth is to be seen in the APAC region. All these estimates are based on Government initiatives, internet penetration and the rise in cyber incidents.
India will be a leader in providing skilled manpower in this particular niche field. With the impetus on building indigenous software and hardware, we will shortly see Indian products in the market. The services sector in digital forensics will also see exponential growth. Overall, in the dark cloud of cybercrimes, there is a silver lining for the digital forensics field to flourish and prosper.
Author: Lt Col (Dr.) Santosh Khadsare, VP (DFIR), eSec Forte Technologies P. Ltd